Reaching out to potential supporters and raising funds for projects are important goals for any non-profit or charity. In the digital age, much of this work is done online and through e-mail, where readers can learn about causes on their own time and decide if and how they would like to contribute. But of course, no one wants to receive dozens and dozens of unprompted e-mails in their inboxes asking for contributions, even if it’s for a good cause!
In 2010, the Federal government introduced Canada’s Anti-Spam Legislation (“CASL”) to govern e-mail correspondences of this nature. CASL is Canada’s primary enforcement mechanism against spam, spyware, and malware in the electronic market. It is an important piece of legislation for advocacy groups, NGOs, and charities because it governs what messages they can and cannot send to possible supporters.
CASL applies to all commercial electronic messages (CEM) that are sent out in Canada. There’s no clear-cut test to determine whether something is a CEM, but messages such as offers to purchase/sell goods and services, offers to provide business opportunities, and promoting images of an individual in a business context are generally considered CEMs. If an electronic message has a commercial character, it will be governed by CASL whether or not the message carries a direct expectation of profit. CASL does not apply to social media posts on the organization’s page; however, it likely would apply to direct messages sent out on any social media platforms. Requests for consent, such as e-mails asking individuals to subscribe to a newsletter, could also be seen as CEMs.
Organizations are not allowed to send out CEMs unless they meet the three requirements set out in CASL: first, the organization must obtain express or implied consent before they send out the message; second, the organization must clearly identify itself in the message; finally, the message must include an unsubscribe mechanism.
Given that there is no exception for non-profits, it’s important to know and comply with the requirements set out in CASL. However, there is an exemption to the CASL requirements for registered charities. Registered charities may send out electronic messages without being restricted by CASL if, and only if, the message’s primary purpose is fundraising for the charity. A message’s “primary purpose” is fundraising when that is the main reason for the message being sent. It will likely not be problematic if there is some additional purpose or reason to the message, as long as it is clearly not the main one. An offer to sell branded organization t-shirts, for example, would not be exempt if the t-shirts were not part of a fundraising activity.
This exception only applies to organizations that are registered as charities with the CRA, have a charitable registration number, and can issue charitable donation receipts. Otherwise, organizations cannot benefit from this exemption even if they have a charitable aim.
When collecting personal information, as organizations often do when they are creating mailing lists and newsletter sign-ups, it is important to follow best practices around protecting private information. Generally, NGOs and charities are not subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”), which is the federal law covering the use and collection of personal information for commercial activity. To be safe, charities and NGOs should always check to see whether there are any provincial information protection laws applying to them and what their local compliance requirements are.
Although charities and NGOs are not bound by PIPEDA, it may be worth looking at their 10 best practices for information storage and collection and incorporating some of these tips into your organization’s policies:
- Accountability: organizations are responsible for personal information under their control and must appoint someone to be accountable for their compliance with fair information principles;
- Identifying Purposes: the purpose(s) for which the personal info is being collected must be identified by the organization before/at the time of collection;
- Consent: the knowledge and consent of individuals are required for the collection, use, or disclosure of personal information;
- Limiting Collection: collection of personal information must be limited to what is needed for the purposes identified by the organization;
- Limiting Use, Disclosure, Retention: unless individuals give their consent, personal information should only be used or disclosed for the purposes for which it was collected;
- Accuracy: personal information must be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used;
- Safeguards: personal information must be protected by appropriate security relative to the sensitivity of the information;
- Openness: an organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available;
- Individual Access: upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information;
- Challenging Compliance: an individual shall be able to challenge an organization’s compliance with the above principles.
By looking into relevant legislation and following best practices, you can ensure that your organization is complying with all laws and reaching out to possible donors through the proper avenues. Always make sure to do your own research before engaging in large-scale outreach projects. Fundraising and outreach are important parts of any organization’s workflow and it is equally important to make sure they are done in the right way.